Re: [Openvas-discuss] Service temporarily down - status code 503
Hi, I'm not sure if I missed a reply for my issue or whether the problem is so severe that I need to reinstall OpenVAS from scratch. Cheers, Marcin -Original Message- From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On Behalf Of Marcin Szatkowski Sent: 03 November 2016 08:46 To: Reindl Harald <h.rei...@thelounge.net>; openvas-discuss@wald.intevation.org Subject: Re: [Openvas-discuss] Service temporarily down - status code 503 Hi, Thank you very much for all the tips and guides. I managed to go through the procedure advised by Christian at http://plugins.openvas.org/ova_503.txt . I had to modify the paths to the certificates slightly as they seem be located directly under /var/lib instead of /usr/local/var/lib. There was also no command for systemctl start gsa. I found a similar one which was systemctl start greenbone-security-assistant.service. I assume that's the one I need. I also had to remove the old certificate from Firefox in order to access the GSA website. I'm using Kali Linux by the way. I'm not getting the status code 503 anymore. However now whenever I click on Start button next to any task I've got preconfigured the only thing that happens is the spinning wheel in Firefox. When I refresh the website after couple of minutes of inactivity Status of the Task stays on Done and does not change to Requested or Running. Best regards, Marcin Marcin Szatkowski Lead Network Engineer Twisted Fish Limited 020 3141 6274 020 8940 4933 07887 886 775 mailto:marcin.szatkow...@twistedfish.com This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. -Original Message- From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On Behalf Of Reindl Harald Sent: 02 November 2016 15:11 To: openvas-discuss@wald.intevation.org Subject: Re: [Openvas-discuss] Service temporarily down - status code 503 interesting that one needs also "openvasmd --modify-scanner" and why in the world are they only valid for 365 days? "openvas-mkcert -f" asks and you can enter 3650 "openvas-mkcert-client -i -n" don't ask frankly when you have everything except GSA configured to listen and connect only on 127.0.0.1 that whole TLS dance is so useless the website is BTW missing "systemctl stop openvas-gsa.service" at the begin, otherwise the start-command don't make much sense __ on Fedora that would mean: systemctl stop openvas-scanner.service openvas-manager.service openvas-gsa.service openvas-mkcert -f openvas-mkcert-client -i -n openvasmd --get-scanners openvasmd --modify-scanner "08b69003-5fc2-4037-a479-93b440211c73" --scanner-ca-pub /etc/pki/openvas/CA/cacert.pem --scanner-key-pub /etc/pki/openvas/CA/clientcert.pem --scanner-key-priv /etc/pki/openvas/private/CA/clientkey.pem openvas-nvt-sync openvasmd --rebuild systemctl start openvas-manager systemctl start openvas-gsa.service __ if the scan still fails it's likely because the scanner did fail to start and so a "systemctl restart openvas-scanner.service" may help Operation: Start Task Status code:503 Status message: Service temporarily down ? openvas-scanner.service - OpenVAS Scanner Loaded: loaded (/etc/systemd/system/openvas-scanner.service; enabled; vendor preset: disabled) Active: failed (Result: signal) since Mi 2016-11-02 15:53:43 CET; 13min ago Process: 707 ExecStart=/usr/sbin/openvassd -f $SCANNER_PORT $SCANNER_LISTEN $SCANNER_SRCIP (code=killed, signal=KILL) Main PID: 707 (code=killed, signal=KILL) __ Am 02.11.2016 um 09:32 schrieb Christian Fischer: > Hi, > > On 28.10.2016 16:18, Marcin Szatkowski wrote: >> I was also messing around with certificates so that might be one of the >> issues. I went through countless troubleshooting steps and articles. > > the certificates are most likely your issue here. Have you also found > this step-by-step tutorial how to create a fresh certificate setup > which should solve your issue here: > > http://plugins.openvas.org/ova_503.txt > >> OpenVAS Scanner 5.0.5 >> OpenVAS Manager 6.0.8 >> Greenbone Security Assistant 6.0.10 > > You might also want to update these components as they are quite outdated: > > http://openvas.org/install-source.html
Re: [Openvas-discuss] Service temporarily down - status code 503
Hi, On 02.11.2016 16:10, Reindl Harald wrote: > "openvas-mkcert -f" asks and you can enter 3650 > "openvas-mkcert-client -i -n" don't ask openvas-mkcert-client -h -n Run non-interactively, create certificates and register user with the OpenVAS scanner If you skip the -n parameter you will also get asked for the certificate life time. > frankly when you have everything except GSA configured to listen and > connect only on 127.0.0.1 that whole TLS dance is so useless The OpenVAS9 betas have already the possibility to use unix sockets for the connection between the components. So after the final release of OpenVAS9 this is not needed anymore. > the website is BTW missing "systemctl stop openvas-gsa.service" at the begin, otherwise the start-command don't make much sense Thanks, just was updated. Please also note that the linked documentation is matching the needed steps for the OpenVAS VM available at http://openvas.org/vm.html. They might differ if other distros are used. Regards, -- Christian Fischer | PGP Key: 0x54F3CE5B76C597AD Greenbone Networks GmbH | http://greenbone.net Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Service temporarily down - status code 503
Hi, Thank you very much for all the tips and guides. I managed to go through the procedure advised by Christian at http://plugins.openvas.org/ova_503.txt . I had to modify the paths to the certificates slightly as they seem be located directly under /var/lib instead of /usr/local/var/lib. There was also no command for systemctl start gsa. I found a similar one which was systemctl start greenbone-security-assistant.service. I assume that's the one I need. I also had to remove the old certificate from Firefox in order to access the GSA website. I'm using Kali Linux by the way. I'm not getting the status code 503 anymore. However now whenever I click on Start button next to any task I've got preconfigured the only thing that happens is the spinning wheel in Firefox. When I refresh the website after couple of minutes of inactivity Status of the Task stays on Done and does not change to Requested or Running. Best regards, Marcin Marcin Szatkowski Lead Network Engineer Twisted Fish Limited 020 3141 6274 020 8940 4933 07887 886 775 mailto:marcin.szatkow...@twistedfish.com This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. -Original Message- From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On Behalf Of Reindl Harald Sent: 02 November 2016 15:11 To: openvas-discuss@wald.intevation.org Subject: Re: [Openvas-discuss] Service temporarily down - status code 503 interesting that one needs also "openvasmd --modify-scanner" and why in the world are they only valid for 365 days? "openvas-mkcert -f" asks and you can enter 3650 "openvas-mkcert-client -i -n" don't ask frankly when you have everything except GSA configured to listen and connect only on 127.0.0.1 that whole TLS dance is so useless the website is BTW missing "systemctl stop openvas-gsa.service" at the begin, otherwise the start-command don't make much sense __ on Fedora that would mean: systemctl stop openvas-scanner.service openvas-manager.service openvas-gsa.service openvas-mkcert -f openvas-mkcert-client -i -n openvasmd --get-scanners openvasmd --modify-scanner "08b69003-5fc2-4037-a479-93b440211c73" --scanner-ca-pub /etc/pki/openvas/CA/cacert.pem --scanner-key-pub /etc/pki/openvas/CA/clientcert.pem --scanner-key-priv /etc/pki/openvas/private/CA/clientkey.pem openvas-nvt-sync openvasmd --rebuild systemctl start openvas-manager systemctl start openvas-gsa.service __ if the scan still fails it's likely because the scanner did fail to start and so a "systemctl restart openvas-scanner.service" may help Operation: Start Task Status code:503 Status message: Service temporarily down ? openvas-scanner.service - OpenVAS Scanner Loaded: loaded (/etc/systemd/system/openvas-scanner.service; enabled; vendor preset: disabled) Active: failed (Result: signal) since Mi 2016-11-02 15:53:43 CET; 13min ago Process: 707 ExecStart=/usr/sbin/openvassd -f $SCANNER_PORT $SCANNER_LISTEN $SCANNER_SRCIP (code=killed, signal=KILL) Main PID: 707 (code=killed, signal=KILL) __ Am 02.11.2016 um 09:32 schrieb Christian Fischer: > Hi, > > On 28.10.2016 16:18, Marcin Szatkowski wrote: >> I was also messing around with certificates so that might be one of the >> issues. I went through countless troubleshooting steps and articles. > > the certificates are most likely your issue here. Have you also found > this step-by-step tutorial how to create a fresh certificate setup > which should solve your issue here: > > http://plugins.openvas.org/ova_503.txt > >> OpenVAS Scanner 5.0.5 >> OpenVAS Manager 6.0.8 >> Greenbone Security Assistant 6.0.10 > > You might also want to update these components as they are quite outdated: > > http://openvas.org/install-source.html ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss - This email was processed through the Twisted Fish spam filter to filter junk messages. If you feel this message has been tagged incorrectly, you can change its category by clicking the link below. Click
Re: [Openvas-discuss] Service temporarily down - status code 503
interesting that one needs also "openvasmd --modify-scanner" and why in the world are they only valid for 365 days? "openvas-mkcert -f" asks and you can enter 3650 "openvas-mkcert-client -i -n" don't ask frankly when you have everything except GSA configured to listen and connect only on 127.0.0.1 that whole TLS dance is so useless the website is BTW missing "systemctl stop openvas-gsa.service" at the begin, otherwise the start-command don't make much sense __ on Fedora that would mean: systemctl stop openvas-scanner.service openvas-manager.service openvas-gsa.service openvas-mkcert -f openvas-mkcert-client -i -n openvasmd --get-scanners openvasmd --modify-scanner "08b69003-5fc2-4037-a479-93b440211c73" --scanner-ca-pub /etc/pki/openvas/CA/cacert.pem --scanner-key-pub /etc/pki/openvas/CA/clientcert.pem --scanner-key-priv /etc/pki/openvas/private/CA/clientkey.pem openvas-nvt-sync openvasmd --rebuild systemctl start openvas-manager systemctl start openvas-gsa.service __ if the scan still fails it's likely because the scanner did fail to start and so a "systemctl restart openvas-scanner.service" may help Operation: Start Task Status code:503 Status message: Service temporarily down ? openvas-scanner.service - OpenVAS Scanner Loaded: loaded (/etc/systemd/system/openvas-scanner.service; enabled; vendor preset: disabled) Active: failed (Result: signal) since Mi 2016-11-02 15:53:43 CET; 13min ago Process: 707 ExecStart=/usr/sbin/openvassd -f $SCANNER_PORT $SCANNER_LISTEN $SCANNER_SRCIP (code=killed, signal=KILL) Main PID: 707 (code=killed, signal=KILL) __ Am 02.11.2016 um 09:32 schrieb Christian Fischer: Hi, On 28.10.2016 16:18, Marcin Szatkowski wrote: I was also messing around with certificates so that might be one of the issues. I went through countless troubleshooting steps and articles. the certificates are most likely your issue here. Have you also found this step-by-step tutorial how to create a fresh certificate setup which should solve your issue here: http://plugins.openvas.org/ova_503.txt OpenVAS Scanner 5.0.5 OpenVAS Manager 6.0.8 Greenbone Security Assistant 6.0.10 You might also want to update these components as they are quite outdated: http://openvas.org/install-source.html ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Service temporarily down - status code 503
Hi, On 28.10.2016 16:18, Marcin Szatkowski wrote: > I was also messing around with certificates so that might be one of the > issues. I went through countless troubleshooting steps and articles. the certificates are most likely your issue here. Have you also found this step-by-step tutorial how to create a fresh certificate setup which should solve your issue here: http://plugins.openvas.org/ova_503.txt > OpenVAS Scanner 5.0.5 > OpenVAS Manager 6.0.8 > Greenbone Security Assistant 6.0.10 You might also want to update these components as they are quite outdated: http://openvas.org/install-source.html -- Christian Fischer | PGP Key: 0x54F3CE5B76C597AD Greenbone Networks GmbH | http://greenbone.net Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Service temporarily down
First check if the processes are running. openvassd openvasmd gsad Then try these solution: http://plugins.openvas.org/ova_503.txt <http://plugins.openvas.org/ova_503.txt> If it is still not scanning try this: https://forums.kali.org/showthread.php?29682-Openvas-Reloaded-all-the-NVTs-issue <https://forums.kali.org/showthread.php?29682-Openvas-Reloaded-all-the-NVTs-issue> > No dia 29/09/2016, às 17:00, Παναγιώτης Λεόντιος <leonti...@ath.forthnet.gr> > escreveu: > > Dear Chris, > > I had exactly the same problem! > Started with all the 503.txt stuff but no luck. > I also did all the Debian updates and everything recommended in the OpenVAS > Demo page. > I also deleted my first installation and replaced it with a fresh one. > There were some advice from several guys in here, but nothing seemed to > work... > At some point it worked!!! > Honestly, there is not something specific I did and remember to tell you > about :( > But, keep updating everything (OS, NVTs, run 503.txt again) and hopefully it > will eventually run. > Alternatively, you can install the Kali packages (OVA file) in VM; it works > with no problems whatsoever. > > Panos > > -Original Message- > From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] > On Behalf Of Christoph Hodel > Sent: Thursday, September 29, 2016 6:38 PM > To: openvas-discuss@wald.intevation.org > Subject: [Openvas-discuss] Service temporarily down > > Hi all > > I still have the same problem: > Downloaded vm from homepage with demo installation. > All works fine, except... > > Running openvas-check-setup returns " It seems like your OpenVAS > installation is OK." > Attached the log file of the check. > > But the result for running a task is always: > "Results of last operation: Start Task: 503 Service temporarily down" > > We have already done these steps: > http://plugins.openvas.org/ova_503.txt > > Who can help? Thank to all... > Chris > > ___ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Service temporarily down
Dear Chris, I had exactly the same problem! Started with all the 503.txt stuff but no luck. I also did all the Debian updates and everything recommended in the OpenVAS Demo page. I also deleted my first installation and replaced it with a fresh one. There were some advice from several guys in here, but nothing seemed to work... At some point it worked!!! Honestly, there is not something specific I did and remember to tell you about :( But, keep updating everything (OS, NVTs, run 503.txt again) and hopefully it will eventually run. Alternatively, you can install the Kali packages (OVA file) in VM; it works with no problems whatsoever. Panos -Original Message- From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On Behalf Of Christoph Hodel Sent: Thursday, September 29, 2016 6:38 PM To: openvas-discuss@wald.intevation.org Subject: [Openvas-discuss] Service temporarily down Hi all I still have the same problem: Downloaded vm from homepage with demo installation. All works fine, except... Running openvas-check-setup returns " It seems like your OpenVAS installation is OK." Attached the log file of the check. But the result for running a task is always: "Results of last operation: Start Task: 503 Service temporarily down" We have already done these steps: http://plugins.openvas.org/ova_503.txt Who can help? Thank to all... Chris ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] Service temporarily down
Hi all I still have the same problem: Downloaded vm from homepage with demo installation. All works fine, except... Running openvas-check-setup returns " It seems like your OpenVAS installation is OK." Attached the log file of the check. But the result for running a task is always: "Results of last operation: Start Task: 503 Service temporarily down" We have already done these steps: http://plugins.openvas.org/ova_503.txt Who can help? Thank to all... Chris openvas-check-setup.log Description: openvas-check-setup.log ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] Service temporarily down
On 27. September 2016 14:41 Christian Fischer wrote >the document available here shows the needed steps to get it up again: >http://plugins.openvas.org/ova_503.txt All works fine - no errors... But after starting everything, the webinterface ist not available. After reboot of the VM, it is available again, but still "Service temporarily down"! :-( P.S: Is it correct, that openvasmd --modify-scanner gives the feedback, that server is updated, but --scanner-ca-pub and --scanner-key-pub and --scanner-key-priv does not give any feedback? ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Service temporarily down
Hi, On 27.09.2016 14:16, Christoph Hodel wrote: > But the result for running a task is always: > "Results of last operation: Start Task: 503 Service temporarily down" the document available here shows the needed steps to get it up again: http://plugins.openvas.org/ova_503.txt ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] Service temporarily down
Hi all Downloaded vm from homepage with demo installation. All works fine, except... Running openvas-check-setup returns " It seems like your OpenVAS installation is OK." But the result for running a task is always: "Results of last operation: Start Task: 503 Service temporarily down" Attached the log file of the check. Who can help? Chris openvas-check-setup.log Description: openvas-check-setup.log ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Service temporarily down
Any advice how to apply the certificate renewal/change to the database is very welcome. 17.11.201511:27:41matthew.mund...@greenbone.net wrote on 09.11.2015 15:47:39: > From: > To: Helmut Koers , > Cc: Chris, openvas-disc u...@wald.intevation.org> Date: 09.11.2015 15:48> Subject: Re: [Openvas-discuss] S ervice temporarily down> Sent by: matthe w.mund...@greenbone.net> > > Where would I need to apply the update? I have not changed the file names > > of the certificates, so my question is, is it a link to the certificate > > files or will the content of the certificate files be imported into the > > database? > > The contents of the certificate files is stored in the database. The links > are not stored. > > If the certificate changes then anything in the database that uses them > must change too. > > -- > Greenbone Networks GmbH > Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 > Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Service temporarily down
> Any advice how to apply the certificate renewal/change to the database is > very welcome. I use the command I posted in a previous message: LD_LIBRARY_PATH=/home/mattm/alts/openvas8/lib/ ~/alts/openvas8/sbin/openvasmd --modify-scanner 08b69003-5fc2-4037-a479-93b440211c73 --scanner-port --scanner-ca-pub ~/alts/openvas8/var/lib/openvas/CA/cacert.pem --scanner-key-pub ~/alts/openvas8/var/lib/openvas/CA/servercert.pem --scanner-key-priv ~/alts/openvas8/var/lib/openvas/private/CA/serverkey.pem Basically, it's openvasmd with the --modify-scanner option. -- Greenbone Networks GmbH Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Service temporarily down
Can you please provide details on how to apply the database updates that are needed after the certificate renewal. Is there any documentation available regarding this actions? On the other hand I am a little confused that there is additional action needed on Debian OS, but there seems to be no action needed on CentOS, after having renewed the certificates, or is the CentOS proceeding based on experience from the past where is was not needed? 10.11.201508:32:55matthew.mund...@greenbone.net wrote on 09.11.2015 15:47:39: > From: > To: Helmut Koers , > Cc: Chris, openvas-disc u...@wald.intevation.org> Date: 09.11.2015 15:48> Subject: Re: [Openvas-discuss] S ervice temporarily down> Sent by: matthe w.mund...@greenbone.net> > > Where would I need to apply the update? I have not changed the file names > > of the certificates, so my question is, is it a link to the certificate > > files or will the content of the certificate files be imported into the > > database? > > The contents of the certificate files is stored in the database. The links > are not stored. > > If the certificate changes then anything in the database that uses them > must change too. > > -- > Greenbone Networks GmbH > Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 > Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Service temporarily down
> Where would I need to apply the update? I have not changed the file names > of the certificates, so my question is, is it a link to the certificate > files or will the content of the certificate files be imported into the > database? The contents of the certificate files is stored in the database. The links are not stored. If the certificate changes then anything in the database that uses them must change too. -- Greenbone Networks GmbH Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Service temporarily down
What I actually do not understand is, why is it working with the certificates that are created during OpenVAS set up, but not with the ones being created afterwards, using the same tools and versions of it? Can that be related to any versions? From: Chris <fisch@gmx.de> To: openvas-discuss@wald.intevation.org, Date: 09.11.2015 13:17 Subject: Re: [Openvas-discuss] Service temporarily down Sent by:"Openvas-discuss" <openvas-discuss-boun...@wald.intevation.org> > Usually problem might be related to some incorrect library versions. Might be related to one of those reports: https://wald.intevation.org/tracker/index.php?func=detail=6572_id=29=220 http://comments.gmane.org/gmane.comp.security.openvas.users/6208 https://bugs.gentoo.org/show_bug.cgi?id=525640 ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss 09.11.201512:56:56 ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Service temporarily down
Right, unfortunately it is still not working.. 09.11.201515:05:33eero.t.voloti...@gmail.com wrote on 09.11.2015 15:05:33: > From: Eero Volotinen <eero.voloti...@iki.fi>> To: Helmut Koers , > Cc: Chris <fisch@gmx.de>, openvas-disc u...@wald.intevation.org> Date: 09.11.2015 15:13> Subject: Re: [Openvas-discuss] S ervice temporarily down> Sent by: eer o.t.voloti...@gmail.com> > And s till not working?> Eero> 9.11.2015 3.18 ip. "Helmut Koers" <HKoers@de.h ellmann.net> kirjoitti:> No, I didn't. I did a clean Debian/OpenVAS install just to test that > issue, I have updated the certificates right after I have installed and > tested OpenVAS to check if issue is still there, with no additional > installations or upgrades. > > > 09.11.201514:03:40eero.t.voloti...@gmail.com wrote on 09.11.2015 > 14:03:40: > > > From: Eero Volotinen > <eero.voloti...@iki.fi>> To: Helmut Koers o...@de.hellmann.net>, > Cc: Chris <fisch@gmx.de>, > "openvas-discuss@wald.intevation.org" > > s...@wald.intevation.org>> > Date: 09.11.2015 14:03> Subject: Re: [Openvas-discuss] S > ervice temporarily down> Sent by: eer > o.t.voloti...@gmail.com> > > Well, did you upgrade some > packages like gnutls? > > This might be related to software upgr > ade, no > t cert > ificates..> > > --> Eero> > > 2015-11-09 15:00 GMT+02:00 Helmut Koers ko...@de.hellmann.net>:> What I actually do not understand is, why is it > working with the > > certificates that are created during OpenVAS set up, but not with the > ones > > being created afterwards, using the same tools and versions of it? Can > > that be related to any versions? > > > > > > > > From: Chris <fisch@gmx.de> > > To: openvas-discuss@wald.intevation.org, > > Date: 09.11.2015 13:17 > > Subject:Re: [Openvas-discuss] Service temporarily down > > Sent by:"Openvas-discuss" > > <openvas-discuss-bounces@w > ald.intevation.org> > > > > > > > Usually problem might be related to some incorrect library versions. > > > > Might be related to one of those reports: > > > > https://wald.intevation.org/tracker/index.php? > > func=detail=6572_id=29=220 > > > > http://comments.gmane.org/gmane.comp.security.openvas.users/6208 > > https://bugs.gentoo.org/show_bug.cgi?id=525640 > > ___ > > Openvas-discuss mailing list > > Openvas-discuss@wald.intevation.org > > https://lists.wald.intevation.org/cgi-bin/mailman/l > istinfo/openvas-discuss> > 09.11.201512:56:56> > > ___ > > Openvas-discuss mailing list > > Openvas-discuss@wald.intevation.org > > > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Service temporarily down
Where would I need to apply the update? I have not changed the file names of the certificates, so my question is, is it a link to the certificate files or will the content of the certificate files be imported into the database? 09.11.201515:30:11matthew.mund...@greenbone.net wrote on 09.11.2015 14:05:32: > From: > To: Helmut Koers , > Cc: Chris, openvas-disc u...@wald.intevation.org> Date: 09.11.2015 14:06> Subject: Re: [Openvas-discuss] S ervice temporarily down> Sent by: matthe w.mund...@greenbone.net> > > What I actually do not understand is, why is it working with the > > certificates that are created during OpenVAS set up, but not with the ones > > being created afterwards, using the same tools and versions of it? Can > > that be related to any versions? > > Have you updated Manager's record of the certificates used for that > scanner? > > Something like: > LD_LIBRARY_PATH=/home/mattm/alts/openvas8/lib/ ~/alts/openvas8/sbin/ > openvasmd --modify-scanner 08b69003-5fc2-4037-a479-93b440211c73 -- > scanner-port --scanner-ca-pub ~/alts/openvas8/var/lib/openvas/ > CA/cacert.pem --scanner-key-pub ~/alts/openvas8/var/lib/openvas/CA/ > servercert.pem --scanner-key-priv ~/alts/openvas8/var/lib/openvas/ > private/CA/serverkey.pem > > -- > Greenbone Networks GmbH > Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 > Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Service temporarily down
> Usually problem might be related to some incorrect library versions. Might be related to one of those reports: https://wald.intevation.org/tracker/index.php?func=detail=6572_id=29=220 http://comments.gmane.org/gmane.comp.security.openvas.users/6208 https://bugs.gentoo.org/show_bug.cgi?id=525640 ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Service temporarily down
Well, did you upgrade some packages like gnutls? This might be related to software upgrade, not certificates.. -- Eero 2015-11-09 15:00 GMT+02:00 Helmut Koers <hko...@de.hellmann.net>: > What I actually do not understand is, why is it working with the > certificates that are created during OpenVAS set up, but not with the ones > being created afterwards, using the same tools and versions of it? Can > that be related to any versions? > > > > From: Chris <fisch@gmx.de> > To: openvas-discuss@wald.intevation.org, > Date: 09.11.2015 13:17 > Subject: Re: [Openvas-discuss] Service temporarily down > Sent by:"Openvas-discuss" > <openvas-discuss-boun...@wald.intevation.org> > > > > > Usually problem might be related to some incorrect library versions. > > Might be related to one of those reports: > > > https://wald.intevation.org/tracker/index.php?func=detail=6572_id=29=220 > > http://comments.gmane.org/gmane.comp.security.openvas.users/6208 > https://bugs.gentoo.org/show_bug.cgi?id=525640 > ___ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > 09.11.201512:56:56 > > ___ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Service temporarily down
And still not working? Eero 9.11.2015 3.18 ip. "Helmut Koers" <hko...@de.hellmann.net> kirjoitti: > No, I didn't. I did a clean Debian/OpenVAS install just to test that > issue, I have updated the certificates right after I have installed and > tested OpenVAS to check if issue is still there, with no additional > installations or upgrades. > > > 09.11.201514:03:40eero.t.voloti...@gmail.com wrote on 09.11.2015 > 14:03:40: > > > From: Eero Volotinen > <eero.voloti...@iki.fi>> To: Helmut Koers o...@de.hellmann.net>, > Cc: Chris <fisch@gmx.de>, > "openvas-discuss@wald.intevation.org" > > s...@wald.intevation.org>> > Date: 09.11.2015 14:03> Subject: Re: [Openvas-discuss] S > ervice temporarily down> Sent by: eer > o.t.voloti...@gmail.com> > > Well, did you upgrade some > packages like gnutls? > > This might be related to software upgr > ade, no > t cert > ificates..> > > --> Eero> > > 2015-11-09 15:00 GMT+02:00 Helmut Koers ko...@de.hellmann.net>:> What I actually do not understand is, why is it > working with the > > certificates that are created during OpenVAS set up, but not with the > ones > > being created afterwards, using the same tools and versions of it? Can > > that be related to any versions? > > > > > > > > From: Chris <fisch@gmx.de> > > To: openvas-discuss@wald.intevation.org, > > Date: 09.11.2015 13:17 > > Subject:Re: [Openvas-discuss] Service temporarily down > > Sent by:"Openvas-discuss" > > <openvas-discuss-bounces@w > ald.intevation.org> > > > > > > > Usually problem might be related to some incorrect library versions. > > > > Might be related to one of those reports: > > > > https://wald.intevation.org/tracker/index.php? > > func=detail=6572_id=29=220 > > > > http://comments.gmane.org/gmane.comp.security.openvas.users/6208 > > https://bugs.gentoo.org/show_bug.cgi?id=525640 > > ___ > > Openvas-discuss mailing list > > Openvas-discuss@wald.intevation.org > > https://lists.wald.intevation.org/cgi-bin/mailman/l > istinfo/openvas-discuss> > 09.11.201512:56:56> > > ___ > > Openvas-discuss mailing list > > Openvas-discuss@wald.intevation.org > > > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Service temporarily down
No, I didn't. I did a clean Debian/OpenVAS install just to test that issue, I have updated the certificates right after I have installed and tested OpenVAS to check if issue is still there, with no additional installations or upgrades. 09.11.201514:03:40eero.t.voloti...@gmail.com wrote on 09.11.2015 14:03:40: > From: Eero Volotinen <eero.voloti...@iki.fi>> To: Helmut Koers , > Cc: Chris <fisch@gmx.de>, "openvas-discuss@wald.intevation.org" > > Date: 09.11.2015 14:03> Subject: Re: [Openvas-discuss] S ervice temporarily down> Sent by: eer o.t.voloti...@gmail.com> > Well, did you upgrade some packages like gnutls? > This might be related to software upgr ade, no t cert ificates..> > --> Eero> > 2015-11-09 15:00 GMT+02:00 Helmut Koers :> What I actually do not understand is, why is it working with the > certificates that are created during OpenVAS set up, but not with the ones > being created afterwards, using the same tools and versions of it? Can > that be related to any versions? > > > > From: Chris <fisch@gmx.de> > To: openvas-discuss@wald.intevation.org, > Date: 09.11.2015 13:17 > Subject:Re: [Openvas-discuss] Service temporarily down > Sent by:"Openvas-discuss" > <openvas-discuss-bounces@w ald.intevation.org> > > > > Usually problem might be related to some incorrect library versions. > > Might be related to one of those reports: > > https://wald.intevation.org/tracker/index.php? > func=detail=6572_id=29=220 > > http://comments.gmane.org/gmane.comp.security.openvas.users/6208 > https://bugs.gentoo.org/show_bug.cgi?id=525640 > ___ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/l istinfo/openvas-discuss> 09.11.201512:56:56> > ___ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Service temporarily down
So, You did clean install of debian and then installed openvas8 on top of it? Then it sounds like library version issue. This is a bit hard to debug. Could you use OpenVAS8 on Centos 7? It's easy way to fix this issue :) -- Eero 2015-11-09 16:34 GMT+02:00 Helmut Koers <hko...@de.hellmann.net>: > Right, unfortunately it is still not working.. > > > 09.11.201515:05:33eero.t.voloti...@gmail.com wrote on 09.11.2015 > 15:05:33: > > > From: Eero Volotinen > <eero.voloti...@iki.fi>> To: Helmut Koers o...@de.hellmann.net>, > Cc: Chris <fisch@gmx.de>, openvas-disc > u...@wald.intevation.org> > Date: 09.11.2015 15:13> Subject: Re: [Openvas-discuss] S > ervice temporarily down> Sent by: eer > o.t.voloti...@gmail.com> > > > And s > till not working?> Eero> 9.11.2015 3.18 ip. "Helmut Koers" <HKoers@de.h > ellmann.net> kirjoitti:> No, I didn't. I did a clean Debian/OpenVAS > install just to test that > > issue, I have updated the certificates right after I have installed and > > tested OpenVAS to check if issue is still there, with no additional > > installations or upgrades. > > > > > > 09.11.201514:03:40eero.t.voloti...@gmail.com wrote on 09.11.2015 > > 14:03:40: > > > > > From: Eero Volotinen > > <eero.voloti...@iki.fi>> To: Helmut Koers > o...@de.hellmann.net>, > Cc: Chris <fisch@gmx.de>, > > "openvas-discuss@wald.intevation.org" > > > > s...@wald.intevation.org>> > > Date: 09.11.2015 14:03> Subject: Re: [Openvas-discuss] S > > ervice temporarily down> Sent by: eer > > o.t.voloti...@gmail.com> > > > Well, did you upgrade some > > packages like gnutls? > > > This might be related to software upgr > > ade, no > > t cert > > ificates..> > > > --> Eero> > > > 2015-11-09 15:00 GMT+02:00 Helmut Koers > ko...@de.hellmann.net>:> What I actually do not understand is, why is it > > working with the > > > certificates that are created during OpenVAS set up, but not with the > > ones > > > being created afterwards, using the same tools and versions of it? Can > > > that be related to any versions? > > > > > > > > > > > > From: Chris <fisch@gmx.de> > > > To: openvas-discuss@wald.intevation.org, > > > Date: 09.11.2015 13:17 > > > Subject:Re: [Openvas-discuss] Service temporarily down > > > Sent by:"Openvas-discuss" > > > <openvas-discuss-bounces@w > > ald.intevation.org> > > > > > > > > > > Usually problem might be related to some incorrect library versions. > > > > > > Might be related to one of those reports: > > > > > > https://wald.intevation.org/tracker/index.php? > > > func=detail=6572_id=29=220 > > > > > > http://comments.gmane.org/gmane.comp.security.openvas.users/6208 > > > https://bugs.gentoo.org/show_bug.cgi?id=525640 > > > ___ > > > Openvas-discuss mailing list > > > Openvas-discuss@wald.intevation.org > > > https://lists.wald.intevation.org/cgi-bin/mailman/l > > istinfo/openvas-discuss> > > 09.11.201512:56:56> > > > ___ > > > Openvas-discuss mailing list > > > Openvas-discuss@wald.intevation.org > > > > > > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Service temporarily down
Am 09.11.2015 um 15:47 schrieb matthew.mund...@greenbone.net: Where would I need to apply the update? I have not changed the file names of the certificates, so my question is, is it a link to the certificate files or will the content of the certificate files be imported into the database? The contents of the certificate files is stored in the database. The links are not stored. If the certificate changes then anything in the database that uses them must change too. may i ask why we now store certificates in databases? that makes it so much harder to handle for users, forget you self-sigend commands, just consider CA signed certificates which needs to rotate regulary sorry but i don't know any other software which does anything else then use the certificate files from a configuration and that's it signature.asc Description: OpenPGP digital signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Service temporarily down
So that seems to be related to Debian? May it have something to do with the fact that OpenVAS did no find any vulnerabilities in regards to certificates anymore, without applying any custom load commands? 09.11.201509:43:42eero.t.voloti...@gmail.com wrote on 09.11.2015 09:43:42: > From: Eero Volotinen> To: Helmut Koers , > Cc: "openvas-discuss@wald.intevation.org" discu s...@wald.intevation.org>> Date: 09.11.2015 09:43> Subject: Re: [Openvas-discuss] S ervice temporarily down> Sent by: eer o.t.voloti...@gmail.com> > Well, works fine for me. I am using Centos 7 and latest OpenVAS8.> > Maybe you should al so try with C entos 7 :)> > --> Eero> > 2015-11-09 9:55 GMT+02:00 Helmut Koers :> Yes, system clock is on correct time. > > I even tried to copy certificates from a fresh/working installation to an > updated/not working one and ran into the same issues. May there be a link > to the certificates anywhere, that need to be updated? > > > 08.11.201518:06:42eero.t.voloti...@gmail.com wrote on 08.11.2015 > 18:06:42: > > > From: Eero Volotinen > > To: Helmut Koers o...@de.hellmann.net>, > Cc: "openvas-discuss@wald.intevation.org" > > discu > s...@wald.intevation.org>> > Date: 08.11.2015 18:06> Subject: Re: [Openvas-discuss] S > ervice temporarily down> Sent by: eer > o.t.voloti...@gmail.com> > > Is the system clock o > n corr > ect time? > > > > --> Eero> > > 2015-11-08 20:02 GMT+03:00 Helmut Koers ko...@de.hellmann.net>:> It loads the certificates exactly from the place> I looked at, as you can > > see below. > > > > open("/var/lib/openvas/private/CA/serverkey.pem", O_RDONLY) = 5 > > open("/var/lib/openvas/CA/servercert.pem", O_RDONLY) = 5 > > open("/var/lib/openvas/CA/cacert.pem", O_RDONLY) = 5 > > > > I did a clean installation of Debian Jessie and OpenVAS8 using latest > > install media, and am having the same issues after renewing certificates > > as mentioned before. > > > > > > 06.11.201516:53:54eero.t.voloti...@gmail.com wrote on 06.11.2015 > > 16:53:54: > > > > > From: Eero Volotinen > > > To: Helmut Koers > o...@de.hellmann.net>, > Cc: openvas-disc > > u...@wald.intevation.org> > > Date: 06.11.2015 16:53> Subject: Re: [Openvas-discuss] S > > ervice temporarily down> Sent by: eer > > o > .t.voloti...@gmail.com>> > Well, you could start openvasmd under strace > like this strace -f -e > > > open openvasmd and look wher > > e it open certificates.> Maybe you are l > > ooking > > in wrong place..> Eero> 6.11.2015 3.51 ip. "Helmut Koers" > ellmann.net> kirjoitti:> Yes, I have tried both, deleting client, server > > and ca certs as well as > > > cert and keys (.../var/lib/openvas/CA/ und > > > .../var/lib/openvas/private/CA/), which then have been newly created. > > I've > > > tried it several time, but here was not difference, I am am still > seeing > > > the error message and am not able to execute a scan. > > > > > > > > > 06.11.201513:29:56eero.t.voloti...@gmail.com wrote on 06.11.2015 > > > 13:29:56: > > > > > > > From: Eero Volotinen > > > > To: Helmut Koers > > o...@de.hellmann.net>, > Cc: openvas-disc > > > u...@wald.intevation.org> > > > Date: 06.11.2015 13:30> Subject: Re: [Openvas-discuss] S > > > ervice temporarily down> Sent by: eer > > > o.t.voloti...@gmail.com> > > > > Well, did you really deleted server ca > > > , cert > > > and client cert?> Eero> 6.11.2015 12.57 ip. "Helmut Koers" > > > ellmann.net> kirjoitti:> Unfortunately, that did not solve the issue, > > same > > > error in GSAD than > > > > before. > > > > > > > > Not sure if I got the right error message in openvasmd.log before, > now > > I > > > > see the following: > > > > > > > > lib serv:WARNING:2015-11-06 11h51.21 CET:7977: > openvas_server_verify: > > > the > > > > certificate is not trusted > > > > lib serv:WARNING:2015-11-06 11h51.21 CET:7977: > openvas_server_verify: > > > the > > > > certificate hasn't got a known issuer > > > > event task:MESSAGE:2015-11-06 11h51.21 CET:7977: Task > > > > c0d4970e-cfa7-478f-9988-3dbfc3f11b52 could not be started by ovadmin > > > > > > > > I repeated the actions I have been received, but no change. > > > > > > > > > > > > 06.11.201510:59:20eero.t.voloti...@gmail.com wrote on 06.11.2015 > > > > 10:59:20: > > > > > > > > > From: Eero Volotinen > > > > > To: Helmut Koers > > > o...@de.hellmann.net>, > Cc: openvas-disc > > > > u...@wald.intevation.org> > > > > Date: 06.11.2015 10:59> Subject: Re: [Openvas-discuss] S > > > > ervice temporarily down> Sent by: eer > > > > o.t.voloti...@gmail.com> > > > > > Try to delete old ca and certs and then regener > > > > ate & > > > > restart services.> Eero> 6.11.2015 10.44 ap. "Helmut Koers" > > > > > ellmann.net> kirjoitti:> Hi all, > > > > > after renewing OpenVAS certificates as requested: > > > > > > > > > > openvas-mkcert -f -q > >
Re: [Openvas-discuss] Service temporarily down
Well, that might be related to Debian or something else. As I don't use Debian as my primary platform, it's a bit complex to say :) Atomic Corp provides working openvas8 rpm-packages and they work fine. Is there really recent debian packages for openvas8 or it is source installation only? Usually problem might be related to some incorrect library versions. -- Eero 2015-11-09 13:21 GMT+02:00 Helmut Koers: > So that seems to be related to Debian? May it have something to do with > the fact that OpenVAS did no find any vulnerabilities in regards to > certificates anymore, without applying any custom load commands? > > > 09.11.201509:43:42eero.t.voloti...@gmail.com wrote on 09.11.2015 > 09:43:42: > > > From: Eero Volotinen > > To: Helmut Koers o...@de.hellmann.net>, > Cc: "openvas-discuss@wald.intevation.org" > > discu > s...@wald.intevation.org>> > Date: 09.11.2015 09:43> Subject: Re: [Openvas-discuss] S > ervice temporarily down> Sent by: eer > o.t.voloti...@gmail.com> > > Well, works fine for me. I am using Centos > 7 and latest OpenVAS8.> > > Maybe you should al > so try > with C > entos 7 :)> > > --> Eero> > > 2015-11-09 9:55 GMT+02:00 Helmut Koers ko...@de.hellmann.net>:> Yes, system clock is on correct time. > > > > I even tried to copy certificates from a fresh/working installation to > an > > updated/not working one and ran into the same issues. May there be a > link > > to the certificates anywhere, that need to be updated? > > > > > > 08.11.201518:06:42eero.t.voloti...@gmail.com wrote on 08.11.2015 > > 18:06:42: > > > > > From: Eero Volotinen > > > To: Helmut Koers > o...@de.hellmann.net>, > Cc: "openvas-discuss@wald.intevation.org" > > > > discu > > s...@wald.intevation.org>> > > Date: 08.11.2015 18:06> Subject: Re: [Openvas-discuss] S > > ervice temporarily down> Sent by: eer > > o.t.voloti...@gmail.com> > > > Is the system clock o > > n corr > > ect time? > > > > > > --> Eero> > > > 2015-11-08 20:02 GMT+03:00 Helmut Koers > ko...@de.hellmann.net>:> It loads the certificates > exactly from the place> I looked at, as you can > > > see below. > > > > > > open("/var/lib/openvas/private/CA/serverkey.pem", O_RDONLY) = 5 > > > open("/var/lib/openvas/CA/servercert.pem", O_RDONLY) = 5 > > > open("/var/lib/openvas/CA/cacert.pem", O_RDONLY) = 5 > > > > > > I did a clean installation of Debian Jessie and OpenVAS8 using latest > > > install media, and am having the same issues after renewing > certificates > > > as mentioned before. > > > > > > > > > 06.11.201516:53:54eero.t.voloti...@gmail.com wrote on 06.11.2015 > > > 16:53:54: > > > > > > > From: Eero Volotinen > > > > To: Helmut Koers > > o...@de.hellmann.net>, > Cc: openvas-disc > > > u...@wald.intevation.org> > > > Date: 06.11.2015 16:53> Subject: Re: [Openvas-discuss] S > > > ervice temporarily down> Sent by: eer > > > o > > .t.voloti...@gmail.com>> > Well, you could start openvasmd under strace > > like this strace -f -e > > > > open openvasmd and look wher > > > e it open certificates.> Maybe you are l > > > ooking > > > in wrong place..> Eero> 6.11.2015 3.51 ip. "Helmut Koers" > > > ellmann.net> kirjoitti:> Yes, I have tried both, deleting client, > server > > > and ca certs as well as > > > > cert and keys (.../var/lib/openvas/CA/ und > > > > .../var/lib/openvas/private/CA/), which then have been newly > created. > > > I've > > > > tried it several time, but here was not difference, I am am still > > seeing > > > > the error message and am not able to execute a scan. > > > > > > > > > > > > 06.11.201513:29:56eero.t.voloti...@gmail.com wrote on 06.11.2015 > > > > 13:29:56: > > > > > > > > > From: Eero Volotinen > > > > > To: Helmut Koers > > > o...@de.hellmann.net>, > Cc: openvas-disc > > > > u...@wald.intevation.org> > > > > Date: 06.11.2015 13:30> Subject: Re: [Openvas-discuss] S > > > > ervice temporarily down> Sent by: eer > > > > o.t.voloti...@gmail.com> > > > > > Well, did you really deleted server ca > > > > , cert > > > > and client cert?> Eero> 6.11.2015 12.57 ip. "Helmut Koers" > > > > > ellmann.net> kirjoitti:> Unfortunately, that did not solve the > issue, > > > same > > > > error in GSAD than > > > > > before. > > > > > > > > > > Not sure if I got the right error message in openvasmd.log before, > > now > > > I > > > > > see the following: > > > > > > > > > > lib serv:WARNING:2015-11-06 11h51.21 CET:7977: > > openvas_server_verify: > > > > the > > > > > certificate is not trusted > > > > > lib serv:WARNING:2015-11-06 11h51.21 CET:7977: > > openvas_server_verify: > > > > the > > > > > certificate hasn't got a known issuer > > > > > event task:MESSAGE:2015-11-06 11h51.21 CET:7977: Task > > > > > c0d4970e-cfa7-478f-9988-3dbfc3f11b52 could not be started by > ovadmin > > > > > > > > > > I repeated the actions I have been received, but no change. > > > > > >
Re: [Openvas-discuss] Service temporarily down
Well, works fine for me. I am using Centos 7 and latest OpenVAS8. Maybe you should also try with Centos 7 :) -- Eero 2015-11-09 9:55 GMT+02:00 Helmut Koers: > Yes, system clock is on correct time. > > I even tried to copy certificates from a fresh/working installation to an > updated/not working one and ran into the same issues. May there be a link > to the certificates anywhere, that need to be updated? > > > 08.11.201518:06:42eero.t.voloti...@gmail.com wrote on 08.11.2015 > 18:06:42: > > > From: Eero Volotinen > > To: Helmut Koers o...@de.hellmann.net>, > Cc: "openvas-discuss@wald.intevation.org" > > discu > s...@wald.intevation.org>> > Date: 08.11.2015 18:06> Subject: Re: [Openvas-discuss] S > ervice temporarily down> Sent by: eer > o.t.voloti...@gmail.com> > > Is the system clock o > n corr > ect time? > > > > --> Eero> > > 2015-11-08 20:02 GMT+03:00 Helmut Koers ko...@de.hellmann.net>:> It loads the certificates exactly from the place > I looked at, as you can > > see below. > > > > open("/var/lib/openvas/private/CA/serverkey.pem", O_RDONLY) = 5 > > open("/var/lib/openvas/CA/servercert.pem", O_RDONLY) = 5 > > open("/var/lib/openvas/CA/cacert.pem", O_RDONLY) = 5 > > > > I did a clean installation of Debian Jessie and OpenVAS8 using latest > > install media, and am having the same issues after renewing certificates > > as mentioned before. > > > > > > 06.11.201516:53:54eero.t.voloti...@gmail.com wrote on 06.11.2015 > > 16:53:54: > > > > > From: Eero Volotinen > > > To: Helmut Koers > o...@de.hellmann.net>, > Cc: openvas-disc > > u...@wald.intevation.org> > > Date: 06.11.2015 16:53> Subject: Re: [Openvas-discuss] S > > ervice temporarily down> Sent by: eer > > o > .t.voloti...@gmail.com>> > Well, you could start openvasmd under strace > like this strace -f -e > > > open openvasmd and look wher > > e it open certificates.> Maybe you are l > > ooking > > in wrong place..> Eero> 6.11.2015 3.51 ip. "Helmut Koers" > ellmann.net> kirjoitti:> Yes, I have tried both, deleting client, server > > and ca certs as well as > > > cert and keys (.../var/lib/openvas/CA/ und > > > .../var/lib/openvas/private/CA/), which then have been newly created. > > I've > > > tried it several time, but here was not difference, I am am still > seeing > > > the error message and am not able to execute a scan. > > > > > > > > > 06.11.201513:29:56eero.t.voloti...@gmail.com wrote on 06.11.2015 > > > 13:29:56: > > > > > > > From: Eero Volotinen > > > > To: Helmut Koers > > o...@de.hellmann.net>, > Cc: openvas-disc > > > u...@wald.intevation.org> > > > Date: 06.11.2015 13:30> Subject: Re: [Openvas-discuss] S > > > ervice temporarily down> Sent by: eer > > > o.t.voloti...@gmail.com> > > > > Well, did you really deleted server ca > > > , cert > > > and client cert?> Eero> 6.11.2015 12.57 ip. "Helmut Koers" > > > ellmann.net> kirjoitti:> Unfortunately, that did not solve the issue, > > same > > > error in GSAD than > > > > before. > > > > > > > > Not sure if I got the right error message in openvasmd.log before, > now > > I > > > > see the following: > > > > > > > > lib serv:WARNING:2015-11-06 11h51.21 CET:7977: > openvas_server_verify: > > > the > > > > certificate is not trusted > > > > lib serv:WARNING:2015-11-06 11h51.21 CET:7977: > openvas_server_verify: > > > the > > > > certificate hasn't got a known issuer > > > > event task:MESSAGE:2015-11-06 11h51.21 CET:7977: Task > > > > c0d4970e-cfa7-478f-9988-3dbfc3f11b52 could not be started by ovadmin > > > > > > > > I repeated the actions I have been received, but no change. > > > > > > > > > > > > 06.11.201510:59:20eero.t.voloti...@gmail.com wrote on 06.11.2015 > > > > 10:59:20: > > > > > > > > > From: Eero Volotinen > > > > > To: Helmut Koers > > > o...@de.hellmann.net>, > Cc: openvas-disc > > > > u...@wald.intevation.org> > > > > Date: 06.11.2015 10:59> Subject: Re: [Openvas-discuss] S > > > > ervice temporarily down> Sent by: eer > > > > o.t.voloti...@gmail.com> > > > > > Try to delete old ca and certs and then regener > > > > ate & > > > > restart services.> Eero> 6.11.2015 10.44 ap. "Helmut Koers" > > > > > ellmann.net> kirjoitti:> Hi all, > > > > > after renewing OpenVAS certificates as requested: > > > > > > > > > > openvas-mkcert -f -q > > > > > openvas-mkcert-client -n -i > > > > > > > > > > and reooting the entire system, I can't run a scan anymore getting > > an > > > > > error message in GSAD saying: > > > > > > > > > > Operation: Start Task > > > > > Status code:503 > > > > > Status message: Service temporarily down > > > > > > > > > > The openvasmd.log shows the following: > > > > > > > > > > lib serv:WARNING:2015-11-06 09h36.44 CET:966: Failed to shake > hands > > > > with > > > > > peer: The TLS connection was non-properly terminated. > > > > > lib
Re: [Openvas-discuss] Service temporarily down
Is the system clock on correct time? -- Eero 2015-11-08 20:02 GMT+03:00 Helmut Koers: > It loads the certificates exactly from the place I looked at, as you can > see below. > > open("/var/lib/openvas/private/CA/serverkey.pem", O_RDONLY) = 5 > open("/var/lib/openvas/CA/servercert.pem", O_RDONLY) = 5 > open("/var/lib/openvas/CA/cacert.pem", O_RDONLY) = 5 > > I did a clean installation of Debian Jessie and OpenVAS8 using latest > install media, and am having the same issues after renewing certificates > as mentioned before. > > > 06.11.201516:53:54eero.t.voloti...@gmail.com wrote on 06.11.2015 > 16:53:54: > > > From: Eero Volotinen > > To: Helmut Koers o...@de.hellmann.net>, > Cc: openvas-disc > u...@wald.intevation.org> > Date: 06.11.2015 16:53> Subject: Re: [Openvas-discuss] S > ervice temporarily down> Sent by: eer > o.t.voloti...@gmail.com> > > Well, you could start openvasmd under strace like this strace -f -e > > open openvasmd and look wher > e it open certificates.> Maybe you are l > ooking > in wrong place..> Eero> 6.11.2015 3.51 ip. "Helmut Koers" ellmann.net> kirjoitti:> Yes, I have tried both, deleting client, server > and ca certs as well as > > cert and keys (.../var/lib/openvas/CA/ und > > .../var/lib/openvas/private/CA/), which then have been newly created. > I've > > tried it several time, but here was not difference, I am am still seeing > > the error message and am not able to execute a scan. > > > > > > 06.11.201513:29:56eero.t.voloti...@gmail.com wrote on 06.11.2015 > > 13:29:56: > > > > > From: Eero Volotinen > > > To: Helmut Koers > o...@de.hellmann.net>, > Cc: openvas-disc > > u...@wald.intevation.org> > > Date: 06.11.2015 13:30> Subject: Re: [Openvas-discuss] S > > ervice temporarily down> Sent by: eer > > o.t.voloti...@gmail.com> > > > Well, did you really deleted server ca > > , cert > > and client cert?> Eero> 6.11.2015 12.57 ip. "Helmut Koers" > ellmann.net> kirjoitti:> Unfortunately, that did not solve the issue, > same > > error in GSAD than > > > before. > > > > > > Not sure if I got the right error message in openvasmd.log before, now > I > > > see the following: > > > > > > lib serv:WARNING:2015-11-06 11h51.21 CET:7977: openvas_server_verify: > > the > > > certificate is not trusted > > > lib serv:WARNING:2015-11-06 11h51.21 CET:7977: openvas_server_verify: > > the > > > certificate hasn't got a known issuer > > > event task:MESSAGE:2015-11-06 11h51.21 CET:7977: Task > > > c0d4970e-cfa7-478f-9988-3dbfc3f11b52 could not be started by ovadmin > > > > > > I repeated the actions I have been received, but no change. > > > > > > > > > 06.11.201510:59:20eero.t.voloti...@gmail.com wrote on 06.11.2015 > > > 10:59:20: > > > > > > > From: Eero Volotinen > > > > To: Helmut Koers > > o...@de.hellmann.net>, > Cc: openvas-disc > > > u...@wald.intevation.org> > > > Date: 06.11.2015 10:59> Subject: Re: [Openvas-discuss] S > > > ervice temporarily down> Sent by: eer > > > o.t.voloti...@gmail.com> > > > > Try to delete old ca and certs and then regener > > > ate & > > > restart services.> Eero> 6.11.2015 10.44 ap. "Helmut Koers" > > > ellmann.net> kirjoitti:> Hi all, > > > > after renewing OpenVAS certificates as requested: > > > > > > > > openvas-mkcert -f -q > > > > openvas-mkcert-client -n -i > > > > > > > > and reooting the entire system, I can't run a scan anymore getting > an > > > > error message in GSAD saying: > > > > > > > > Operation: Start Task > > > > Status code:503 > > > > Status message: Service temporarily down > > > > > > > > The openvasmd.log shows the following: > > > > > > > > lib serv:WARNING:2015-11-06 09h36.44 CET:966: Failed to shake hands > > > with > > > > peer: The TLS connection was non-properly terminated. > > > > lib serv:WARNING:2015-11-06 09h36.44 CET:966: Failed to shutdown > > server > > > > socket > > > > event task:MESSAGE:2015-11-06 09h36.44 CET:966: Task > > > > 2e6cc5ec-27e3-4f29-8e53-8b2e6af6c81d could not be started by admin > > > > > > > > I am running OpenVAS 8 on Debian Jessie. > > > > > > > > Any advice is appreciated. > > > > ___ > > > > Openvas-discuss mailing list > > > > Openvas-discuss@wald.intevation.org > > > > > > > > > > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Service temporarily down
Try to delete old ca and certs and then regenerate & restart services. Eero 6.11.2015 10.44 ap. "Helmut Koers"kirjoitti: > Hi all, > after renewing OpenVAS certificates as requested: > > openvas-mkcert -f -q > openvas-mkcert-client -n -i > > and reooting the entire system, I can't run a scan anymore getting an > error message in GSAD saying: > > Operation: Start Task > Status code:503 > Status message: Service temporarily down > > The openvasmd.log shows the following: > > lib serv:WARNING:2015-11-06 09h36.44 CET:966: Failed to shake hands with > peer: The TLS connection was non-properly terminated. > lib serv:WARNING:2015-11-06 09h36.44 CET:966: Failed to shutdown server > socket > event task:MESSAGE:2015-11-06 09h36.44 CET:966: Task > 2e6cc5ec-27e3-4f29-8e53-8b2e6af6c81d could not be started by admin > > I am running OpenVAS 8 on Debian Jessie. > > Any advice is appreciated. > ___ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Service temporarily down
I have not changed the certificates, but just renewed the standard ones. Thus the certificate files, that are mentioned in the tasks, stayed the same as before. Nevertheless I have executed the tasks described under the link with no success. Is there anything else I can do to get the issue solved? 06.11.201510:54:40"Openvas-discuss"wrote on 06.11.2015 10:54:40: > From: Michael Meyer > To: openvas-discus s...@wald.intevation.org, > Date: 06.11.2015 10:54> Subject: Re: [Openvas-discuss] S ervice temporarily down> Sent by: "Openvas-discuss" > > *** Helmut Koers wrote: > > > after renewing OpenVAS certificates as requested: > > > > openvas-mkcert -f -q > > openvas-mkcert-client -n -i > > > > and reooting the entire system, I can't run a scan anymore getting an > > error message in GSAD saying: > > > > Operation: Start Task > > Status code:503 > > Status message: Service temporarily down > > https://svn.wald.intevation.org/svn/openvas/trunk/openvas-manager/INSTALL -> > "Updating Scanner Certificates". > > HTH > > Micha > > -- > Michael Meyer OpenPGP Key: 0xAF069E9152A6EFA6 > http://www.greenbone.net/ > Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG > Osnabrück, HR B 202460 > Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner > ___ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] Service temporarily down
Hi all, after renewing OpenVAS certificates as requested: openvas-mkcert -f -q openvas-mkcert-client -n -i and reooting the entire system, I can't run a scan anymore getting an error message in GSAD saying: Operation: Start Task Status code:503 Status message: Service temporarily down The openvasmd.log shows the following: lib serv:WARNING:2015-11-06 09h36.44 CET:966: Failed to shake hands with peer: The TLS connection was non-properly terminated. lib serv:WARNING:2015-11-06 09h36.44 CET:966: Failed to shutdown server socket event task:MESSAGE:2015-11-06 09h36.44 CET:966: Task 2e6cc5ec-27e3-4f29-8e53-8b2e6af6c81d could not be started by admin I am running OpenVAS 8 on Debian Jessie. Any advice is appreciated. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Service temporarily down
*** Helmut Koers wrote: > after renewing OpenVAS certificates as requested: > > openvas-mkcert -f -q > openvas-mkcert-client -n -i > > and reooting the entire system, I can't run a scan anymore getting an > error message in GSAD saying: > > Operation: Start Task > Status code:503 > Status message: Service temporarily down https://svn.wald.intevation.org/svn/openvas/trunk/openvas-manager/INSTALL -> "Updating Scanner Certificates". HTH Micha -- Michael Meyer OpenPGP Key: 0xAF069E9152A6EFA6 http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Service temporarily down
Unfortunately, that did not solve the issue, same error in GSAD than before. Not sure if I got the right error message in openvasmd.log before, now I see the following: lib serv:WARNING:2015-11-06 11h51.21 CET:7977: openvas_server_verify: the certificate is not trusted lib serv:WARNING:2015-11-06 11h51.21 CET:7977: openvas_server_verify: the certificate hasn't got a known issuer event task:MESSAGE:2015-11-06 11h51.21 CET:7977: Task c0d4970e-cfa7-478f-9988-3dbfc3f11b52 could not be started by ovadmin I repeated the actions I have been received, but no change. 06.11.201510:59:20eero.t.voloti...@gmail.com wrote on 06.11.2015 10:59:20: > From: Eero Volotinen> To: Helmut Koers , > Cc: openvas-disc u...@wald.intevation.org> Date: 06.11.2015 10:59> Subject: Re: [Openvas-discuss] S ervice temporarily down> Sent by: eer o.t.voloti...@gmail.com> > Try to delete old ca and certs and then regener ate & restart services.> Eero> 6.11.2015 10.44 ap. "Helmut Koers" kirjoitti:> Hi all, > after renewing OpenVAS certificates as requested: > > openvas-mkcert -f -q > openvas-mkcert-client -n -i > > and reooting the entire system, I can't run a scan anymore getting an > error message in GSAD saying: > > Operation: Start Task > Status code:503 > Status message: Service temporarily down > > The openvasmd.log shows the following: > > lib serv:WARNING:2015-11-06 09h36.44 CET:966: Failed to shake hands with > peer: The TLS connection was non-properly terminated. > lib serv:WARNING:2015-11-06 09h36.44 CET:966: Failed to shutdown server > socket > event task:MESSAGE:2015-11-06 09h36.44 CET:966: Task > 2e6cc5ec-27e3-4f29-8e53-8b2e6af6c81d could not be started by admin > > I am running OpenVAS 8 on Debian Jessie. > > Any advice is appreciated. > ___ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Service temporarily down
Morning, i think i had a similar problem but not exactly yours. What i had to do was to update the certificate for the user „om“. Right now i can’t look what the exact problem was but the solution was: openvas-mkcert-client -n om -i Regards Rene > Am 06.11.2015 um 11:36 schrieb Helmut Koers: > > I have not changed the certificates, but just renewed the standard ones. > Thus the certificate files, that are mentioned in the tasks, stayed the > same as before. > > Nevertheless I have executed the tasks described under the link with no > success. > > Is there anything else I can do to get the issue solved? > > > 06.11.201510:54:40"Openvas-discuss" > wrote on 06.11.2015 > 10:54:40: > >> From: Michael Meyer el.me...@greenbone.net>> To: openvas-discus > s...@wald.intevation.org, > > Date: 06.11.2015 10:54> Subject: Re: [Openvas-discuss] S > ervice temporarily down> Sent by: "Openvas-discuss" e...@wald.intevation.org>> >> *** Helmut Koers wrote: >> >>> after renewing OpenVAS certificates as requested: >>> >>> openvas-mkcert -f -q >>> openvas-mkcert-client -n -i >>> >>> and reooting the entire system, I can't run a scan anymore getting an >>> error message in GSAD saying: >>> >>> Operation: Start Task >>> Status code:503 >>> Status message: Service temporarily down >> >> > https://svn.wald.intevation.org/svn/openvas/trunk/openvas-manager/INSTALL > -> >> "Updating Scanner Certificates". >> >> HTH >> >> Micha >> >> -- >> Michael Meyer OpenPGP Key: 0xAF069E9152A6EFA6 >> http://www.greenbone.net/ >> Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG >> Osnabrück, HR B 202460 >> Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner >> ___ >> Openvas-discuss mailing list >> Openvas-discuss@wald.intevation.org >> > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > > ___ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Service temporarily down
Yes, I have tried both, deleting client, server and ca certs as well as cert and keys (.../var/lib/openvas/CA/ und .../var/lib/openvas/private/CA/), which then have been newly created. I've tried it several time, but here was not difference, I am am still seeing the error message and am not able to execute a scan. 06.11.201513:29:56eero.t.voloti...@gmail.com wrote on 06.11.2015 13:29:56: > From: Eero Volotinen> To: Helmut Koers , > Cc: openvas-disc u...@wald.intevation.org> Date: 06.11.2015 13:30> Subject: Re: [Openvas-discuss] S ervice temporarily down> Sent by: eer o.t.voloti...@gmail.com> > Well, did you really deleted server ca , cert and client cert?> Eero> 6.11.2015 12.57 ip. "Helmut Koers" kirjoitti:> Unfortunately, that did not solve the issue, same error in GSAD than > before. > > Not sure if I got the right error message in openvasmd.log before, now I > see the following: > > lib serv:WARNING:2015-11-06 11h51.21 CET:7977: openvas_server_verify: the > certificate is not trusted > lib serv:WARNING:2015-11-06 11h51.21 CET:7977: openvas_server_verify: the > certificate hasn't got a known issuer > event task:MESSAGE:2015-11-06 11h51.21 CET:7977: Task > c0d4970e-cfa7-478f-9988-3dbfc3f11b52 could not be started by ovadmin > > I repeated the actions I have been received, but no change. > > > 06.11.201510:59:20eero.t.voloti...@gmail.com wrote on 06.11.2015 > 10:59:20: > > > From: Eero Volotinen > > To: Helmut Koers o...@de.hellmann.net>, > Cc: openvas-disc > u...@wald.intevation.org> > Date: 06.11.2015 10:59> Subject: Re: [Openvas-discuss] S > ervice temporarily down> Sent by: eer > o.t.voloti...@gmail.com> > > Try to delete old ca and certs and then regener > ate & > restart services.> Eero> 6.11.2015 10.44 ap. "Helmut Koers" ellmann.net> kirjoitti:> Hi all, > > after renewing OpenVAS certificates as requested: > > > > openvas-mkcert -f -q > > openvas-mkcert-client -n -i > > > > and reooting the entire system, I can't run a scan anymore getting an > > error message in GSAD saying: > > > > Operation: Start Task > > Status code:503 > > Status message: Service temporarily down > > > > The openvasmd.log shows the following: > > > > lib serv:WARNING:2015-11-06 09h36.44 CET:966: Failed to shake hands > with > > peer: The TLS connection was non-properly terminated. > > lib serv:WARNING:2015-11-06 09h36.44 CET:966: Failed to shutdown server > > socket > > event task:MESSAGE:2015-11-06 09h36.44 CET:966: Task > > 2e6cc5ec-27e3-4f29-8e53-8b2e6af6c81d could not be started by admin > > > > I am running OpenVAS 8 on Debian Jessie. > > > > Any advice is appreciated. > > ___ > > Openvas-discuss mailing list > > Openvas-discuss@wald.intevation.org > > > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Service temporarily down
Well, you could start openvasmd under strace like this strace -f -e open openvasmd and look where it open certificates. Maybe you are looking in wrong place.. Eero 6.11.2015 3.51 ip. "Helmut Koers"kirjoitti: > Yes, I have tried both, deleting client, server and ca certs as well as > cert and keys (.../var/lib/openvas/CA/ und > .../var/lib/openvas/private/CA/), which then have been newly created. I've > tried it several time, but here was not difference, I am am still seeing > the error message and am not able to execute a scan. > > > 06.11.201513:29:56eero.t.voloti...@gmail.com wrote on 06.11.2015 > 13:29:56: > > > From: Eero Volotinen > > To: Helmut Koers o...@de.hellmann.net>, > Cc: openvas-disc > u...@wald.intevation.org> > Date: 06.11.2015 13:30> Subject: Re: [Openvas-discuss] S > ervice temporarily down> Sent by: eer > o.t.voloti...@gmail.com> > > Well, did you really deleted server ca > , cert > and client cert?> Eero> 6.11.2015 12.57 ip. "Helmut Koers" ellmann.net> kirjoitti:> Unfortunately, that did not solve the issue, same > error in GSAD than > > before. > > > > Not sure if I got the right error message in openvasmd.log before, now I > > see the following: > > > > lib serv:WARNING:2015-11-06 11h51.21 CET:7977: openvas_server_verify: > the > > certificate is not trusted > > lib serv:WARNING:2015-11-06 11h51.21 CET:7977: openvas_server_verify: > the > > certificate hasn't got a known issuer > > event task:MESSAGE:2015-11-06 11h51.21 CET:7977: Task > > c0d4970e-cfa7-478f-9988-3dbfc3f11b52 could not be started by ovadmin > > > > I repeated the actions I have been received, but no change. > > > > > > 06.11.201510:59:20eero.t.voloti...@gmail.com wrote on 06.11.2015 > > 10:59:20: > > > > > From: Eero Volotinen > > > To: Helmut Koers > o...@de.hellmann.net>, > Cc: openvas-disc > > u...@wald.intevation.org> > > Date: 06.11.2015 10:59> Subject: Re: [Openvas-discuss] S > > ervice temporarily down> Sent by: eer > > o.t.voloti...@gmail.com> > > > Try to delete old ca and certs and then regener > > ate & > > restart services.> Eero> 6.11.2015 10.44 ap. "Helmut Koers" > ellmann.net> kirjoitti:> Hi all, > > > after renewing OpenVAS certificates as requested: > > > > > > openvas-mkcert -f -q > > > openvas-mkcert-client -n -i > > > > > > and reooting the entire system, I can't run a scan anymore getting an > > > error message in GSAD saying: > > > > > > Operation: Start Task > > > Status code:503 > > > Status message: Service temporarily down > > > > > > The openvasmd.log shows the following: > > > > > > lib serv:WARNING:2015-11-06 09h36.44 CET:966: Failed to shake hands > > with > > > peer: The TLS connection was non-properly terminated. > > > lib serv:WARNING:2015-11-06 09h36.44 CET:966: Failed to shutdown > server > > > socket > > > event task:MESSAGE:2015-11-06 09h36.44 CET:966: Task > > > 2e6cc5ec-27e3-4f29-8e53-8b2e6af6c81d could not be started by admin > > > > > > I am running OpenVAS 8 on Debian Jessie. > > > > > > Any advice is appreciated. > > > ___ > > > Openvas-discuss mailing list > > > Openvas-discuss@wald.intevation.org > > > > > > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Service temporarily down
Well, did you really deleted server ca, cert and client cert? Eero 6.11.2015 12.57 ip. "Helmut Koers"kirjoitti: > Unfortunately, that did not solve the issue, same error in GSAD than > before. > > Not sure if I got the right error message in openvasmd.log before, now I > see the following: > > lib serv:WARNING:2015-11-06 11h51.21 CET:7977: openvas_server_verify: the > certificate is not trusted > lib serv:WARNING:2015-11-06 11h51.21 CET:7977: openvas_server_verify: the > certificate hasn't got a known issuer > event task:MESSAGE:2015-11-06 11h51.21 CET:7977: Task > c0d4970e-cfa7-478f-9988-3dbfc3f11b52 could not be started by ovadmin > > I repeated the actions I have been received, but no change. > > > 06.11.201510:59:20eero.t.voloti...@gmail.com wrote on 06.11.2015 > 10:59:20: > > > From: Eero Volotinen > > To: Helmut Koers o...@de.hellmann.net>, > Cc: openvas-disc > u...@wald.intevation.org> > Date: 06.11.2015 10:59> Subject: Re: [Openvas-discuss] S > ervice temporarily down> Sent by: eer > o.t.voloti...@gmail.com> > > Try to delete old ca and certs and then regener > ate & > restart services.> Eero> 6.11.2015 10.44 ap. "Helmut Koers" ellmann.net> kirjoitti:> Hi all, > > after renewing OpenVAS certificates as requested: > > > > openvas-mkcert -f -q > > openvas-mkcert-client -n -i > > > > and reooting the entire system, I can't run a scan anymore getting an > > error message in GSAD saying: > > > > Operation: Start Task > > Status code:503 > > Status message: Service temporarily down > > > > The openvasmd.log shows the following: > > > > lib serv:WARNING:2015-11-06 09h36.44 CET:966: Failed to shake hands > with > > peer: The TLS connection was non-properly terminated. > > lib serv:WARNING:2015-11-06 09h36.44 CET:966: Failed to shutdown server > > socket > > event task:MESSAGE:2015-11-06 09h36.44 CET:966: Task > > 2e6cc5ec-27e3-4f29-8e53-8b2e6af6c81d could not be started by admin > > > > I am running OpenVAS 8 on Debian Jessie. > > > > Any advice is appreciated. > > ___ > > Openvas-discuss mailing list > > Openvas-discuss@wald.intevation.org > > > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Service temporarily down
Thanks very much I'll try. Sent from handheld device On Mar 5, 2014 4:38 PM, Ryan Schulze r...@dopefish.de wrote: Hmm, I haven't seen that one before. I don't have a CentOS server here to test with, but off the top of my head I'd say it would seem that the manager process is having difficulty connecting to the scanner. I'd check if the scanner is running and the manager is configured to connect to it's port (and no firewall is blocking it). Sorry I couldn't give you any more specific help. Maybe someone else on the list with more experience with the CentOS packages and startup script configurations can help you further. On 3/4/2014 8:55 PM, Peter Collins wrote: Thank you Ryan. Here are the outputs of what you requested: less openvasad.log lib auth: INFO:2014-03-02 20h00.23 PST:8338: Authentication configuration not found. lib auth: INFO:2014-03-02 20h27.59 PST:1491: Authentication configuration not found. lib auth: INFO:2014-03-02 20h34.09 PST:1528: Authentication configuration not found. lib auth: INFO:2014-03-02 20h50.26 PST:1469: Authentication configuration not found. lib auth: INFO:2014-03-04 18h40.47 PST:1468: Authentication configuration not found. tail *vasmd.log lib serv:WARNING:2014-03-05 02h48.27 utc:2145: openvas_server_connect: failed to connect to server (interrupted): Connection refused event auth:MESSAGE:2014-03-05 02h48.27 utc:2145: Authentication success for user pcollins (9595afc7-3a24-4b97-9320-db2ac2510e66) lib serv:WARNING:2014-03-05 02h48.27 UTC:2145:Failed to gnutls_bye: Error in the push function. lib serv:WARNING:2014-03-05 02h48.32 utc:2150: openvas_server_connect: failed to connect to server (interrupted): Connection refused event auth:MESSAGE:2014-03-05 02h48.32 utc:2150: Authentication success for user pcollins (9595afc7-3a24-4b97-9320-db2ac2510e66) event task:MESSAGE:2014-03-05 02h48.32 UTC:2150: Task fe1af5f6-c589-4a64-b9b2-1ade94d11234 could not be started by pcollins lib serv:WARNING:2014-03-05 02h48.32 UTC:2150:Failed to gnutls_bye: Error in the push function. lib serv:WARNING:2014-03-05 02h48.32 utc:2151: openvas_server_connect: failed to connect to server (interrupted): Connection refused event auth:MESSAGE:2014-03-05 02h48.32 utc:2151: Authentication success for user pcollins (9595afc7-3a24-4b97-9320-db2ac2510e66) lib serv:WARNING:2014-03-05 02h48.32 UTC:2151:Failed to gnutls_bye: Error in the push function. tail *vassd.log [Mon Mar 3 04:00:24 2014][8377] openvassd 3.4.0 started [Mon Mar 3 04:16:05 2014][9436] Communication closed by client [Mon Mar 3 04:27:02 2014][8377] received the TERM signal omp --username=foo --password=bar --get-tasks Failed to authenticate. On Tue, Mar 4, 2014 at 8:57 AM, Ryan Schulze r...@dopefish.de wrote: Is there anything useful in the GSA or OpenVAS Manager Logs? To determine if the problem is with GSA or the manager: does the cli work (something like omp --username=foo --password=bar --get-tasks)? On 3/4/2014 10:05 AM, Peter Collins wrote: I installed CentOS fresh, and immediately used Atomic to install OpenVAS with yum. Everything went perfectly. But when I go into Greenbone and attempt a simple scan, I get: Operation: Start Task Status code: 503 Status message: Service temporarily down And if I refresh that page I get a new error page saying Internal error: request_handler:2869 (GSA 4.0.2) An internal error occured inside GSA daemon. Diagnostics:Token missing or bad. Your options (not all may work): 'Back' button of browser | Login I tried the options and they don't work. Any ideas please? Thanks Peter ___ Openvas-discuss mailing listOpenvas-discuss@wald.intevation.orghttps://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Service temporarily down
Does anyone want to ssh into my system and check this problem? I can email you the access stuff. Peter On Thu, Mar 6, 2014 at 5:52 AM, Peter Collins p...@coolwarm.com wrote: Thanks very much I'll try. Sent from handheld device On Mar 5, 2014 4:38 PM, Ryan Schulze r...@dopefish.de wrote: Hmm, I haven't seen that one before. I don't have a CentOS server here to test with, but off the top of my head I'd say it would seem that the manager process is having difficulty connecting to the scanner. I'd check if the scanner is running and the manager is configured to connect to it's port (and no firewall is blocking it). Sorry I couldn't give you any more specific help. Maybe someone else on the list with more experience with the CentOS packages and startup script configurations can help you further. On 3/4/2014 8:55 PM, Peter Collins wrote: Thank you Ryan. Here are the outputs of what you requested: less openvasad.log lib auth: INFO:2014-03-02 20h00.23 PST:8338: Authentication configuration not found. lib auth: INFO:2014-03-02 20h27.59 PST:1491: Authentication configuration not found. lib auth: INFO:2014-03-02 20h34.09 PST:1528: Authentication configuration not found. lib auth: INFO:2014-03-02 20h50.26 PST:1469: Authentication configuration not found. lib auth: INFO:2014-03-04 18h40.47 PST:1468: Authentication configuration not found. tail *vasmd.log lib serv:WARNING:2014-03-05 02h48.27 utc:2145: openvas_server_connect: failed to connect to server (interrupted): Connection refused event auth:MESSAGE:2014-03-05 02h48.27 utc:2145: Authentication success for user pcollins (9595afc7-3a24-4b97-9320-db2ac2510e66) lib serv:WARNING:2014-03-05 02h48.27 UTC:2145:Failed to gnutls_bye: Error in the push function. lib serv:WARNING:2014-03-05 02h48.32 utc:2150: openvas_server_connect: failed to connect to server (interrupted): Connection refused event auth:MESSAGE:2014-03-05 02h48.32 utc:2150: Authentication success for user pcollins (9595afc7-3a24-4b97-9320-db2ac2510e66) event task:MESSAGE:2014-03-05 02h48.32 UTC:2150: Task fe1af5f6-c589-4a64-b9b2-1ade94d11234 could not be started by pcollins lib serv:WARNING:2014-03-05 02h48.32 UTC:2150:Failed to gnutls_bye: Error in the push function. lib serv:WARNING:2014-03-05 02h48.32 utc:2151: openvas_server_connect: failed to connect to server (interrupted): Connection refused event auth:MESSAGE:2014-03-05 02h48.32 utc:2151: Authentication success for user pcollins (9595afc7-3a24-4b97-9320-db2ac2510e66) lib serv:WARNING:2014-03-05 02h48.32 UTC:2151:Failed to gnutls_bye: Error in the push function. tail *vassd.log [Mon Mar 3 04:00:24 2014][8377] openvassd 3.4.0 started [Mon Mar 3 04:16:05 2014][9436] Communication closed by client [Mon Mar 3 04:27:02 2014][8377] received the TERM signal omp --username=foo --password=bar --get-tasks Failed to authenticate. On Tue, Mar 4, 2014 at 8:57 AM, Ryan Schulze r...@dopefish.de wrote: Is there anything useful in the GSA or OpenVAS Manager Logs? To determine if the problem is with GSA or the manager: does the cli work (something like omp --username=foo --password=bar --get-tasks)? On 3/4/2014 10:05 AM, Peter Collins wrote: I installed CentOS fresh, and immediately used Atomic to install OpenVAS with yum. Everything went perfectly. But when I go into Greenbone and attempt a simple scan, I get: Operation: Start Task Status code: 503 Status message: Service temporarily down And if I refresh that page I get a new error page saying Internal error: request_handler:2869 (GSA 4.0.2) An internal error occured inside GSA daemon. Diagnostics:Token missing or bad. Your options (not all may work): 'Back' button of browser | Login I tried the options and they don't work. Any ideas please? Thanks Peter ___ Openvas-discuss mailing listOpenvas-discuss@wald.intevation.orghttps://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Service temporarily down
Hmm, I haven't seen that one before. I don't have a CentOS server here to test with, but off the top of my head I'd say it would seem that the manager process is having difficulty connecting to the scanner. I'd check if the scanner is running and the manager is configured to connect to it's port (and no firewall is blocking it). Sorry I couldn't give you any more specific help. Maybe someone else on the list with more experience with the CentOS packages and startup script configurations can help you further. On 3/4/2014 8:55 PM, Peter Collins wrote: Thank you Ryan. Here are the outputs of what you requested: less openvasad.log lib auth: INFO:2014-03-02 20h00.23 PST:8338: Authentication configuration not found. lib auth: INFO:2014-03-02 20h27.59 PST:1491: Authentication configuration not found. lib auth: INFO:2014-03-02 20h34.09 PST:1528: Authentication configuration not found. lib auth: INFO:2014-03-02 20h50.26 PST:1469: Authentication configuration not found. lib auth: INFO:2014-03-04 18h40.47 PST:1468: Authentication configuration not found. tail *vasmd.log lib serv:WARNING:2014-03-05 02h48.27 utc:2145: openvas_server_connect: failed to connect to server (interrupted): Connection refused event auth:MESSAGE:2014-03-05 02h48.27 utc:2145: Authentication success for user pcollins (9595afc7-3a24-4b97-9320-db2ac2510e66) lib serv:WARNING:2014-03-05 02h48.27 UTC:2145:Failed to gnutls_bye: Error in the push function. lib serv:WARNING:2014-03-05 02h48.32 utc:2150: openvas_server_connect: failed to connect to server (interrupted): Connection refused event auth:MESSAGE:2014-03-05 02h48.32 utc:2150: Authentication success for user pcollins (9595afc7-3a24-4b97-9320-db2ac2510e66) event task:MESSAGE:2014-03-05 02h48.32 UTC:2150: Task fe1af5f6-c589-4a64-b9b2-1ade94d11234 could not be started by pcollins lib serv:WARNING:2014-03-05 02h48.32 UTC:2150:Failed to gnutls_bye: Error in the push function. lib serv:WARNING:2014-03-05 02h48.32 utc:2151: openvas_server_connect: failed to connect to server (interrupted): Connection refused event auth:MESSAGE:2014-03-05 02h48.32 utc:2151: Authentication success for user pcollins (9595afc7-3a24-4b97-9320-db2ac2510e66) lib serv:WARNING:2014-03-05 02h48.32 UTC:2151:Failed to gnutls_bye: Error in the push function. tail *vassd.log [Mon Mar 3 04:00:24 2014][8377] openvassd 3.4.0 started [Mon Mar 3 04:16:05 2014][9436] Communication closed by client [Mon Mar 3 04:27:02 2014][8377] received the TERM signal omp --username=foo --password=bar --get-tasks Failed to authenticate. On Tue, Mar 4, 2014 at 8:57 AM, Ryan Schulze r...@dopefish.de mailto:r...@dopefish.de wrote: Is there anything useful in the GSA or OpenVAS Manager Logs? To determine if the problem is with GSA or the manager: does the cli work (something like omp --username=foo --password=bar --get-tasks)? On 3/4/2014 10:05 AM, Peter Collins wrote: I installed CentOS fresh, and immediately used Atomic to install OpenVAS with yum. Everything went perfectly. But when I go into Greenbone and attempt a simple scan, I get: Operation: Start Task Status code:503 Status message: Service temporarily down And if I refresh that page I get a new error page saying Internal error: request_handler:2869 (GSA 4.0.2) An internal error occured inside GSA daemon. Diagnostics:Token missing or bad. Your options (not all may work): 'Back' button of browser | Login I tried the options and they don't work. Any ideas please? Thanks Peter ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org mailto:Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss smime.p7s Description: S/MIME Cryptographic Signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] Service temporarily down
I installed CentOS fresh, and immediately used Atomic to install OpenVAS with yum. Everything went perfectly. But when I go into Greenbone and attempt a simple scan, I get: Operation:Start TaskStatus code:503Status message:Service temporarily down And if I refresh that page I get a new error page saying Internal error: request_handler:2869 (GSA 4.0.2) An internal error occured inside GSA daemon. Diagnostics:Token missing or bad. Your options (not all may work): 'Back' button of browser | Login I tried the options and they don't work. Any ideas please? Thanks Peter ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss